forked from IdentityPython/SATOSA
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathldap_attribute_store.yaml.example
51 lines (51 loc) · 1.74 KB
/
ldap_attribute_store.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
module: plugins.microservices.ldap_attribute_store.LdapAttributeStore
name: LdapAttributeStore
config:
ldap_url: ldaps://ldap.example.org
bind_dn: cn=admin,dc=example,dc=org
bind_password: xxxxxxxx
search_base: ou=People,dc=example,dc=org
search_return_attributes:
# format is LDAP attribute name : internal attribute name
sn: surname
givenName: givenname
mail: mail
employeeNumber: employeenumber
isMemberOf: ismemberof
idp_identifiers:
# Ordered list of identifiers asserted as attributes by
# IdP to use when constructing search filter to find
# user record in LDAP directory. This example searches
# in order for eduPersonUniqueId, eduPersonPrincipalName
# combined with SAML persistent, eduPersonPrincipalName
# combined with eduPersonTargetedId,
# eduPersonPrincipalName, SAML persistent, and
# eduPersonTargetedId.
- epuid
-
- eppn
- name_id: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
-
- eppn
- edupersontargetedid
- eppn
- name_id: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- edupersontargetedid
ldap_identifier_attribute: uid
# Whether to clear values for attributes incoming
# to this microservice. Default is no or false.
clear_input_attributes: no
# List of LDAP attributes to use as input to hashing to create
# NameID.
user_id_from_attrs:
- employeeNumber
# Configuration may also be done per-SP with any
# missing parameters taken from the default if any.
# The configuration key is the entityID of the SP.
#
# For example:
https://sp.myserver.edu/shibboleth-sp
search_base: ou=People,o=MyVO,dc=example,dc=org
eduPersonPrincipalName: employeenumber
user_id_from_attrs:
- uid